DEBIAN-CVE-2026-4775

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-4775

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4775.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-4775

Upstream

CVE-2026-4775

Published

2026-03-24T15:16:39.693Z

Modified

2026-04-17T17:00:09.969405Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.

References

https://security-tracker.debian.org/tracker/CVE-2026-4775

Affected packages

Debian:11 / tiff

Package

Name: tiff
Purl: pkg:deb/debian/tiff?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2.0-1+deb11u8

Affected versions

4.*

4.2.0-1

4.2.0-1+deb11u1

4.2.0-1+deb11u2

4.2.0-1+deb11u3

4.2.0-1+deb11u4

4.2.0-1+deb11u5

4.2.0-1+deb11u6

4.2.0-1+deb11u7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4775.json"

Debian:12 / tiff

Package

Name: tiff
Purl: pkg:deb/debian/tiff?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.0-6+deb12u4

Affected versions

4.*

4.5.0-6

4.5.0-6+deb12u1

4.5.0-6+deb12u2

4.5.0-6+deb12u3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4775.json"

Debian:13 / tiff

Package

Name: tiff
Purl: pkg:deb/debian/tiff?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.7.0-3+deb13u2

Affected versions

4.*

4.7.0-3

4.7.0-3+deb13u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4775.json"

Debian:14 / tiff

Package

Name: tiff
Purl: pkg:deb/debian/tiff?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.7.1-2

Affected versions

4.*

4.7.0-3

4.7.0-4

4.7.0-5

4.7.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4775.json"